Fwd: [Samba] Changing LDAP password from Windows XP

Andy Colvin acolvin at enkitec.com
Sat Mar 3 17:15:42 GMT 2007 

I get a different error if I add "unix password sync = yes"  This time it
gives me the error "you do not have permission to change your password"
Everything that I've seen related to this error says to upgrade to 3.0.4,
but I'm running 3.0.24.

Any ideas?

Thanks,

Andy


-----Original Message-----
From: Marcin Giedz [mailto:giedz at arise.pl]
Sent: Saturday, March 03, 2007 10:46 AM
To: Andy Colvin
Cc: samba at lists.samba.org
Subject: Re: Fwd: [Samba] Changing LDAP password from Windows XP

Daniel Müller wrote:

Hi

your smb.conf file seems to be OK, however to be able to sync
sambapasswords with userPassword try to add

unix password sync = yes

to your smb.conf

Regards,
Marcin




> Hello,
>
> remove the line 'passwd program = /usr/sbin/smbldap-passwd %u'
> for testing.
> On my Suse 10.1 I do not need this and m y users can change their
passwords.
>
> greetings
> daniel
>
>
>
>
>
>
> -------- Original-Nachricht --------
> Datum: Fri, 2 Mar 2007 11:55:06 -0600 (CST)
> Von: "Andy Colvin" <acolvin at enkitec.com>
> An: samba at lists.samba.org
> CC:
> Betreff: [Samba] Changing LDAP password from Windows XP
>
> I've got a very simple setup with Samba 3.0.24 running on Fedora Core 6,
> talking to Fedora Directory Server 1.0.4.  I've got everything set up so
> that I can add computers to the domain, add users using the smbldap-
> tools, and have users logging in.  When a user tries to change their
> password from within Windows (ctrl-alt-del) they get the error
>
>   "the user name or old password is incorrect.  letters in passwords
must
> be typed using the correct case."
>
> The strange thing is that the samba passwords (sambalmpassword,
> sambantpassword) are changed in the LDAP server, but the general account
> password (userpassword) is not changed.  I looked everywhere I could,
and
> couldn't find anything to cause this.  I can set passwords just fine
using
> smbldap-passwd and it will set all passwords.
>
> Here is a copy of my smb.conf:
>
> [global]
> workgroup = MAIL
> netbios name = YOURMOM
> security = user
> passdb backend = ldapsam:ldap://mail.yourmom.net
> ldap admin dn = cn=Directory Manager
> ldap suffix = dc=yourmom,dc=net
> ldap user suffix = ou=People
> ldap idmap suffix = ou=People
> ldap machine suffix = ou=Computers
> ldap group suffix = ou=Groups
> ldap passwd sync = yes
> ldap delete dn = no
> obey pam restrictions = no
> encrypt passwords = yes
> passwd program = /usr/sbin/smbldap-passwd %u
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> log file = /var/log/samba/log.%m
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> os level = 255
> domain logons = yes
> domain master = yes
> local master = yes
> preferred master = yes
> wins support = yes
> template shell = /bin/false
> winbind use default domain = no
> logon path =
> logon home =
>
> [netlogon]
>    comment = Network Logon Service
>    path = /var/lib/samba/netlogon
>    read only = yes
>    browseable = no
>
> [homes]
>    comment = Home Directories
>    browseable = no
>    read only = no
>    guest ok = no
>    create mode = 0664
>    directory mode = 0775
>
>
>
> Thanks,
>
>
>
> Andy Colvin
>
>

More information about the samba mailing list